DNS Exclusive - DNAT rules only for 1 of 2 VPN clients?

Jack Yaz

I've recently started dabbling with OpenVPN clients again, and set both client 1 and 2 to use exclusive DNS. I see the nat table get some rules for VPN Client 1, but nothing for VPN Client 2.

Separate list of redirected IPs in each client. I'm almost sure it's something I've caused, but I wondered if anyone else sees this?
 

Jack Yaz

And without changing anything, the rules are there now...
 

eibgrad

I tried to reproduce the problem, and thought I had, until I realized I had specified the following in the custom config for OpenVPN client #2.

Code:
pull-filter ignore "dhcp-option DNS"

That got me thinking maybe you had done the same. Once I removed it, then the DNSVPN1 and DNSVPN2 chains in the nat table appeared as expected.

I suppose it's always possible as well the VPN provider *might* NOT push a DNS server. Exclusive assumes this is never going to happen.
 

Jack Yaz

> I tried to reproduce the problem, and thought I had, until I realized I had specified the following in the custom config for OpenVPN client #2.
>
> Code:
> pull-filter ignore "dhcp-option DNS"
>
> That got me thinking maybe you had done the same. Once I removed it, then the DNSVPN1 and DNSVPN2 chains in the nat table appeared as expected.
>
> I suppose it's always possible as well the VPN provider *might* NOT push a DNS server.

Something to check, but alas it's not there. I think it was caused by me rapidly restarting vpnclient1 followed by 2, and the firewall tripped over itself. Adding a sleep of 15s between service calls seems to be OK.
 

eibgrad

> Something to check, but alas it's not there. I think it was caused by me rapidly restarting vpnclient1 followed by 2, and the firewall tripped over itself. Adding a sleep of 15s between service calls seems to be OK.

Maybe. But I thought iptables used a lock to prevent this. It should always serialize entry to prevent these kinds of lost updates.

P.S. Or maybe it's the firewall service that's locking. IIRC, the VPNs don't use the firewall service itself, but their own route-up/route-down scripts to manage this stuff.
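
Added example, not part of any post in this thread: a way to confirm the symptom discussed above (a DNSVPN chain present for one client but not the other) from a nat table listing, rather than by eye. The function name `dnsvpn_status`, the sample addresses and the exact rule layout are assumptions; only the chain names DNSVPN1 and DNSVPN2 come from the thread.

```shell
#!/bin/sh
# Added example (not from the thread). Reads an `iptables -t nat -S` style
# listing on stdin and reports, per requested client number, the state of its
# DNSVPN<n> chain: missing, empty, unreferenced, or ok.
dnsvpn_status() {
    awk -v clients="$*" '
        BEGIN { n = split(clients, want, " ") }
        # Chain declaration, e.g. "-N DNSVPN1"
        $1 == "-N" && $2 ~ /^DNSVPN[0-9]+$/ { declared[$2] = 1 }
        $1 == "-A" {
            for (i = 3; i < NF; i++) {
                if ($i != "-j") continue
                # DNAT rule inside a DNSVPN chain
                if ($2 ~ /^DNSVPN[0-9]+$/ && $(i + 1) == "DNAT") dnat[$2]++
                # Jump into a DNSVPN chain from some other chain
                if ($(i + 1) ~ /^DNSVPN[0-9]+$/) jumped[$(i + 1)] = 1
            }
        }
        END {
            for (k = 1; k <= n; k++) {
                c = "DNSVPN" want[k]
                if (!(c in declared))     state = "missing"
                else if (!(c in dnat))    state = "empty"
                else if (!(c in jumped))  state = "unreferenced"
                else                      state = "ok"
                printf "%s %s %d\n", c, state, dnat[c]
            }
        }'
}

# Constructed sample: client 1 has its chain and rules, client 2 has nothing.
# Addresses and exact rule layout are assumptions, not firmware output.
sample_nat_rules() {
    cat <<'EOF'
-P PREROUTING ACCEPT
-N DNSVPN1
-A PREROUTING -p udp -m udp --dport 53 -j DNSVPN1
-A PREROUTING -p tcp -m tcp --dport 53 -j DNSVPN1
-A DNSVPN1 -s 192.168.1.10/32 -j DNAT --to-destination 10.8.0.1
-A DNSVPN1 -s 192.168.1.11/32 -j DNAT --to-destination 10.8.0.1
EOF
}

# On a live router the input would be: iptables -t nat -S | dnsvpn_status 1 2
sample_nat_rules | dnsvpn_status 1 2
```

A client reported as `missing` or `empty` has no DNAT redirection in place, so DNS queries from the devices assigned to it are not being forced to the VPN's DNS server.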